#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Set Password Expiration Parameters

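# Initialize variables.
# Each value is exported as a plain string. Presumably a calling hardening
# framework evaluates PRECHECK and SOLUTION and shows QUESTION and DESCRIPTION
# to the operator -- confirm against the caller. changeOrAdd is not defined in
# this file and must be provided by that caller.

# PRECHECK prints "found" when all four PASS_* keys have an uncommented line in
# /etc/login.defs. It tests presence only: any value matches, so "found" does
# not show that the values written by SOLUTION are already in effect.
export PRECHECK="if ( grep -q '^PASS_MAX_DAYS.*' /etc/login.defs && grep -q '^PASS_MIN_LEN.*' /etc/login.defs && grep -q '^PASS_MIN_DAYS.*' /etc/login.defs && grep -q '^PASS_WARN_AGE.*' /etc/login.defs );then echo found; fi"
export QUESTION="Would you like to set password expiration parameters?"
# NOTE(review): this text recommends 90-360 days, while SOLUTION below sets
# PASS_MAX_DAYS to 60 -- reconcile the wording and the value with site policy.
export DESCRIPTION="Users should be forced to change their passwords, in order to decrease the utility of compromised passwords. However, the need to change passwords often should be balanced against the risk that users will reuse or write down passwords if forced to change them too often. Forcing password changes every 90-360 days, depending on the environment, is recommended."
# SOLUTION sets maximum age, minimum length, minimum age and warning period.
# Every continuation backslash must be the last character on its line: inside
# double quotes a backslash followed by a space stays in the string, and the
# leftover "\ " is run as a stray command when the string is evaluated.
# Caveats for whoever applies this:
#  - the aging values in /etc/login.defs are read when an account is created;
#    existing accounts keep their current aging fields until changed (chage).
#  - PASS_MIN_LEN is not honoured by a PAM-based passwd (presumably the case on
#    the RHEL 5 target -- confirm); minimum length then has to be enforced in
#    the PAM password stack as well.
export SOLUTION="changeOrAdd '^PASS_MAX_DAYS.*' 'PASS_MAX_DAYS 60' /etc/login.defs; \
changeOrAdd '^PASS_MIN_LEN.*' 'PASS_MIN_LEN	8' /etc/login.defs;  \
changeOrAdd '^PASS_MIN_DAYS.*' 'PASS_MIN_DAYS 7' /etc/login.defs; \
changeOrAdd '^PASS_WARN_AGE.*' 'PASS_WARN_AGE 7' /etc/login.defs;"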


